Memory corruption in DOS_Shell::CMD_DELETE
Posted on 2018-04-13, 16:00
Hi DOSBox developers, I found a memory corruption bug in DOS_Shell::CMD_DELETE and DOS_Shell::CMD_DIR via the ExpandDot function. ExpandDot uses `strcpy` without a size limit and so the stack can be smashed. https://github.com/Henne/dosbox-svn/blob/master/src/shell/shell_cmds.cpp#L192 Indeed if you …